{ config, pkgs, lib, ... }:

{
  services.keycloak = {
    enable = false;
    settings = {
      hostname = "keycloak.local";
      hostname-strict-backchannel = true;
      http-host = "127.0.0.1";
      http-port = 4080;
      #https-port = 4443;
    };
    initialAdminPassword = "tegMEHle6Wcm0Rr";
    #sslCertificate = "/run/keys/ssl_cert";
    #sslCertificateKey = "/run/keys/ssl_key";
    database = {
      type = "postgresql";
      username = "keycloak";
      host = "localhost";
      port = 5432;
      name = "keycloak";
      passwordFile = "/run/keys/keycloak-db-passfile";
    };
  };
}
